package com.wits.platform.service.account;

import java.util.HashSet;
import java.util.Set;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.ExpiredCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import com.wits.platform.common.constants.SysTabConstants;
import com.wits.platform.common.utils.DateUtil;
import com.wits.platform.entity.Role;
import com.wits.platform.entity.User;
import com.wits.platform.service.UserService;

public class ShiroDbRealm extends AuthorizingRealm {

    

	public ShiroDbRealm(CredentialsMatcher credentialsMatcher) {
		super(credentialsMatcher);
		// TODO Auto-generated constructor stub
	}

	@Autowired
    private UserService userService;


	/**
	 * 认证回调函数,登录时调用.
	 */
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authcToken) throws AuthenticationException {
		UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
		User user =userService.getOne(token.getUsername());
		if (user != null) {
			if(SysTabConstants.SYSTAB_D_TNF_F.equals(user.getIsEnable())){
					//throw new LockedAccountException("账号已锁定");
				throw new LockedAccountException("不可登入");
			}
			if(DateUtil.nowBefore(user.getDateExpire())){
				throw new ExpiredCredentialsException("帐号失效");
			}
			
			ShiroUser shiroUser=new ShiroUser(user.getUserId(),user.getUserNameC(),user.getUsertype());
			return new SimpleAuthenticationInfo(shiroUser, user.getUserPassword(), getName());
		} else {
			return null;
		}
	}

	/**
	 * 授权查询回调函数, 进行鉴权但缓存中无用户的授权信息时调用.
	 */
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		ShiroUser shiroUser = (ShiroUser)principals.getPrimaryPrincipal();
		if (shiroUser != null) {
			User user =userService.getOne(shiroUser.getId());
			SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
			info.addRoles(user.getRoleNames());
			Set<String> permissions = new HashSet<String>();
			for (Role role : user.getRoles()) {
				permissions.addAll(role.getPermissions());
			}
			info.addStringPermissions(permissions);
			return info;
		} else {
			return null;
		}
	}

	/**
	 * 更新用户授权信息缓存.
	 */
	public void clearCachedAuthorizationInfo(Object principal) {
		SimplePrincipalCollection principals = new SimplePrincipalCollection(principal, getName());
		clearCachedAuthorizationInfo(principals);
	}

	/**
	 * 清除所有用户授权信息缓存.
	 */
	public void clearAllCachedAuthorizationInfo() {
		Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
		if (cache != null) {
			for (Object key : cache.keys()) {
				cache.remove(key);
			}
		}
	}


}
